Details of VAR-201906-0501

ID

VAR-201906-0501

CVE

CVE-2019-12822

TITLE

Embedthis GoAhead Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-005500

DESCRIPTION

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. Embedthis GoAhead Exists in a buffer error vulnerability.Service operation interruption (DoS) It may be in a state. EmbedthisSoftwareGoAhead is an embedded web server from EmbedthisSoftware, USA. A buffer overflow vulnerability exists in the http.c file in versions of EmbedthisGoAhead4.1.1 and 5.x prior to 5.0.1. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow

Trust: 2.25

sources: NVD: CVE-2019-12822 // JVNDB: JVNDB-2019-005500 // CNVD: CNVD-2019-19301 // VULHUB: VHN-144607

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-19301

AFFECTED PRODUCTS

vendor:	embedthis	model:	goahead	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	embedthis	model:	goahead	scope:	lt	version:	4.1.1	Trust: 1.0
vendor:	embedthis	model:	goahead	scope:	lt	version:	5.0.1	Trust: 1.0
vendor:	embedthis	model:	goahead	scope:	eq	version:	4.1.1	Trust: 0.8
vendor:	embedthis	model:	goahead	scope:	eq	version:	-	Trust: 0.8
vendor:	embedthis	model:	goahead	scope:	lt	version:	5.x	Trust: 0.8
vendor:	embedthis	model:	goahead	scope:	eq	version:	5.0.1	Trust: 0.8
vendor:	embedthis	model:	software embedthis software goahead	scope:	lt	version:	4.1.1	Trust: 0.6
vendor:	embedthis	model:	software embedthis software goahead	scope:	eq	version:	5.*<5.0.1	Trust: 0.6

sources: CNVD: CNVD-2019-19301 // JVNDB: JVNDB-2019-005500 // NVD: CVE-2019-12822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12822
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-12822
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-19301
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-610
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144607
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-12822
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-19301
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-144607
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12822
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-19301 // VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610 // NVD: CVE-2019-12822

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.1
problemtype:	CWE-917	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // NVD: CVE-2019-12822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-610

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-610

PATCH

title:	Comparing changes GitHub	url:	https://github.com/embedthis/goahead/compare/5349710...579f21f	Trust: 0.8
title:	EmbedthisGoAhead Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/165345	Trust: 0.6
title:	Embedthis GoAhead Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93827	Trust: 0.6

sources: CNVD: CNVD-2019-19301 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12822	Trust: 3.9
db:	JVN	id:	JVNVU92569237	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-005500	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-610	Trust: 0.7
db:	CNVD	id:	CNVD-2019-19301	Trust: 0.6
db:	VULHUB	id:	VHN-144607	Trust: 0.1

sources: CNVD: CNVD-2019-19301 // VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610 // NVD: CVE-2019-12822

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-12822	Trust: 2.0
url:	https://github.com/embedthis/goahead/compare/5349710...579f21f	Trust: 1.7
url:	https://github.com/embedthis/goahead/issues/285	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu92569237/index.html	Trust: 0.8

sources: CNVD: CNVD-2019-19301 // VULHUB: VHN-144607 // JVNDB: JVNDB-2019-005500 // CNNVD: CNNVD-201906-610 // NVD: CVE-2019-12822

SOURCES

db:	CNVD	id:	CNVD-2019-19301
db:	VULHUB	id:	VHN-144607
db:	JVNDB	id:	JVNDB-2019-005500
db:	CNNVD	id:	CNNVD-201906-610
db:	NVD	id:	CVE-2019-12822

LAST UPDATE DATE

2024-08-14T12:40:18.639000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-19301	date:	2019-06-26T00:00:00
db:	VULHUB	id:	VHN-144607	date:	2019-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-005500	date:	2023-05-11T08:50:00
db:	CNNVD	id:	CNNVD-201906-610	date:	2019-06-18T00:00:00
db:	NVD	id:	CVE-2019-12822	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-19301	date:	2019-06-26T00:00:00
db:	VULHUB	id:	VHN-144607	date:	2019-06-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-005500	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201906-610	date:	2019-06-14T00:00:00
db:	NVD	id:	CVE-2019-12822	date:	2019-06-14T14:29:00.843